
CVE-2017-4938
https://notcve.org/view.php?id=CVE-2017-4938
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desreferencia de puntero NULL en una llamada de un usuario invitado. Una explotación exitosa de este error puede permitir que atacan... • http://www.securityfocus.com/bid/101887 • CWE-476: NULL Pointer Dereference •

CVE-2017-4935 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4935
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtua... • http://www.securityfocus.com/bid/101902 • CWE-787: Out-of-bounds Write •

CVE-2017-4934 – VMware Workstation NAT IP Fragment Reassembly Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4934
17 Nov 2017 — VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Fusion (en versiones 8.x anteriores a la 8.5.9) contienen una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el dispositivo VMNAT. Este problema puede permitir que un invitado ejecute código en el host. This vulnerability allo... • http://www.securityfocus.com/bid/101903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-4901 – VMware WorkStation 12.5.5 - Virtual Machine Escape
https://notcve.org/view.php?id=CVE-2017-4901
08 Jun 2017 — The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. La función drag-and-drop (DnD) en Workstation versiones 12.x y anteriores a 12.5.4 y Fusion versiones 8.x y anteriores a 8.5.5 de VMware, presenta una vulnerabilidad de acceso a la memoria fuera de límites. Esto puede permitir que un invitado ejecu... • https://www.exploit-db.com/exploits/47714 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •